Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:vpn:pppossh:client [2023/03/12 23:52] – [1. Preparation] vgaetera | docs:guide-user:services:vpn:pppossh:client [2023/10/29 01:01] – consolidate naming vgaetera | ||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ===== Introduction ===== | ===== Introduction ===== | ||
| - | * This how-to describes the method for setting up [[https:// | + | * This how-to describes the method for setting up PPPoSSH client on OpenWrt. |
| * Follow [[docs: | * Follow [[docs: | ||
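Review bot: The new first bullet of the Introduction drops the external link that the old bullet opened with (`[[https://`), so the page no longer points to any description of what PPPoSSH is. Suggest keeping a reference link on "PPPoSSH" in the new wording, since the how-to itself only covers the OpenWrt client setup.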
| Line 12: | Line 12: | ||
| ==== 1. Preparation ==== | ==== 1. Preparation ==== | ||
| Install the required packages. | Install the required packages. | ||
| - | Specify | + | Specify configuration parameters |
| <code bash> | <code bash> | ||
| Line 23: | Line 23: | ||
| VPN_PORT=" | VPN_PORT=" | ||
| VPN_SERV=" | VPN_SERV=" | ||
| - | VPN_ADDR=" | + | VPN_ADDR=" |
| - | VPN_USER=" | + | VPN_USER=" |
| - | VPN_PRIV="/ | + | |
| - | VPN_PUB=" | + | |
| </ | </ | ||
| - | ==== 2. Firewall | + | ==== 2. Key management |
| - | Consider VPN network as public. | + | Generate and exchange [[docs: |
| - | Assign VPN interface to WAN zone to minimize firewall setup. | + | Set up key-based authentication. |
| <code bash> | <code bash> | ||
| - | # Configure firewall | + | # Client private key |
| - | uci rename firewall.@zone[0]="lan" | + | VPN_KEY="/ |
| - | uci rename firewall.@zone[1]="wan" | + | |
| - | uci del_list firewall.wan.network="${VPN_IF}" | + | # Generate client public key |
| - | uci add_list firewall.wan.network=" | + | dropbearkey -y -f ${VPN_KEY} \ |
| - | uci commit firewall | + | | sed -n -e "/ |
| - | /etc/init.d/firewall restart | + | |
| + | # Server public key | ||
| + | VPN_PUB="$(cat sshserver.pub)" | ||
| + | |||
| + | # Configure PKI | ||
| + | mkdir -p /root/.ssh | ||
| + | cat << EOF >> /root/.ssh/ | ||
| + | ${VPN_SERV} ${VPN_PUB% *} | ||
| + | EOF | ||
| + | cat << EOF >> | ||
| + | /root/.ssh | ||
| + | EOF | ||
| </ | </ | ||
| - | ==== 3. Network ==== | + | ==== 3. Firewall ==== |
| + | {{section> | ||
| + | |||
| + | ==== 4. Network ==== | ||
| Set up VPN interface. | Set up VPN interface. | ||
| <code bash> | <code bash> | ||
| - | # Configure SSH client | ||
| - | mkdir -p ~/.ssh | ||
| - | cat << EOI > ~/ | ||
| - | ${VPN_PUB} | ||
| - | EOI | ||
| - | |||
| # Configure network | # Configure network | ||
| uci -q delete network.${VPN_IF} | uci -q delete network.${VPN_IF} | ||
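Review bot: In the new "Configure PKI" step both heredocs append with `>>`, where the removed "Configure SSH client" block overwrote its file with `>`, so every re-run of this section adds another `${VPN_SERV} ${VPN_PUB% *}` line and an entry written by an earlier run stays in the file under /root/.ssh/ after the server key changes. Suggest deleting any existing line for `${VPN_SERV}` before appending, or writing the entry idempotently. Two smaller points in the same hunk: `VPN_PUB="$(cat sshserver.pub)"` reads a relative path with no check that the file exists, so a missing file produces an entry containing only the host name, and `${VPN_KEY}` in the `dropbearkey -y -f` call is unquoted.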
| Line 62: | Line 68: | ||
| uci set network.${VPN_IF}.peeraddr=" | uci set network.${VPN_IF}.peeraddr=" | ||
| uci set network.${VPN_IF}.sshuser=" | uci set network.${VPN_IF}.sshuser=" | ||
| - | uci add_list network.${VPN_IF}.identity=" | + | uci add_list network.${VPN_IF}.identity=" |
| uci set network.${VPN_IF}.ipv6=" | uci set network.${VPN_IF}.ipv6=" | ||
| uci commit network | uci commit network | ||
| - | / | + | service |
| </ | </ | ||
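Review bot: The restart line after `uci commit network` now calls `service` where it previously called the init script by its `/etc/init.d/` path. On OpenWrt `service` is a shell function loaded by the login shell's startup files rather than a binary, so these lines work when pasted into an interactive session but fail with "not found" when the block is saved and run as a script. Suggest either keeping the init script path or stating in "1. Preparation" that the commands are meant for an interactive shell. Separately, the changed `identity=` line should be checked against the rename in this revision: `VPN_PRIV` is removed and `VPN_KEY` is introduced, and any leftover reference to the old name would expand to an empty identity path.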
| Line 78: | Line 84: | ||
| <code bash> | <code bash> | ||
| # Restart services | # Restart services | ||
| - | / | + | service |
| # Log and status | # Log and status | ||